https://community.appian.com/discussions/f/integrations/20693/integration-of-appian-with-keyclockWe would like to implement authorization using keycloak in Appian. Can anyone suggest anythingen-USTelligent Community 12https://community.appian.com/thread/80664?ContentTypeID=1Thu, 01 Apr 2021 15:23:45 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:faaad890-f4bf-4cd5-80c7-c7ac09323640juergeng393<p>Hi,<br />you just follow the documentation here:<br /><a href="https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#saml-authentication">https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#saml-authentication</a></p> <p><a href="https://docs.appian.com/suite/help/21.1/SAML_for_Single_Sign-On.html#how-to-add-a-saml-identity-provider">https://docs.appian.com/suite/help/21.1/SAML_for_Single_Sign-On.html#how-to-add-a-saml-identity-provider</a></p> <p>You can just add another SAML Identity provider. And of course you might specify the landing page for the external users in the Admin Console based on their group membership. The SAM assertions supports now the group attribute.</p> <p><a href="https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#user-start-pages">https://docs.appian.com/suite/help/21.1/Appian_Administration_Console.html#user-start-pages</a></p> <p>You might have to consider the overall architecture of the Appian Platform. Not sure if you are on premise or on cloud. The load balancer you are using has to be configured exposing the Appian Platform with an external IP. You might consider to put a rule into your Web Application Firewall (WAF) to prevent the external URL is accessible for the public. Even if you are on the Cloud already that might be a good idea.</p><div style="clear:both;"></div>https://community.appian.com/thread/80635?ContentTypeID=1Thu, 01 Apr 2021 08:09:34 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:363dbf8a-92e6-4d83-8198-3615d434f3c4bihitakdass<p>Hi Juergeng</p> <p>Thanks for the inputs, our requirement for SSO is as follows.</p> <p>1. We have users internal to our organization in which we are already using Appian inbuilt SAML 2.0 with our organization infrastructure to authenticate with SSO during Appian accessing of sites and tempos.</p> <p>2. We have to implement&nbsp;<span>Keycloak for our external users which are not in our organization so that they can be authenticated using SSO in Appian.</span></p> <p><span>&nbsp;</span></p> <p><span>Since we are already using the SAML 2.0 of Appian for our internal organization users , how can we leverage&nbsp;the same for &quot;Keycloak&quot; for external users.</span></p> <p><span></span></p> <p><span>Please help!!</span></p><div style="clear:both;"></div>https://community.appian.com/thread/80624?ContentTypeID=1Wed, 31 Mar 2021 18:14:30 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:37e08165-5007-4d5b-8b66-7db9375aa15ajuergeng393<p>To make a suggestion depends on knowledge about your infrastructure. What kind of protocol you are trying to use?<br />SAML 2.0?<br />Then the approach should be pretty much forward.&nbsp;<br />1. Install the Keycloak Servers<br />2. Establish the SSO with the Keycloak Servers - e.g. connection to LDAP etc.<br />3. Configure Appian for SAML 2.0 usage at the Admin Page referring to the Keycloak URL</p> <p>Following both documentions - Appian and Keycloak - it should be possible</p><div style="clear:both;"></div>